Espionage malware the Mask is surprisingly old-fashioned

A family of espionage malware described by Kaspersky as one of the "most advanced global cyber-espionage operations to date" has been found to use old-fashioned techniques to harm its victims.

IT security firm Context discovered that the Mask, also known as Careto, infects the first executable that loads as Windows boots, a trick "plucked out of the history books" that gives hackers control of an operating system’s security.

Kevin O’Reilly, a senior researcher at Context, said: "This discovery seems to suggest that old tricks are sometimes the best and also begs the question: is this a nod of respect to the virus writers who wreaked havoc in the 90s, or have they come out of retirement to develop a new nation-state cyber-weaponry arsenal?"

The use of a "bootkit" to attack an operating system before it has loaded makes the Mask "a very potent weapon", but Context believes this style of attack has been neglected by the security industry.

The Mask also has the ability to record keystrokes, intercept Skype calls and interfere with wireless activity, and hackers can use it to steal encryption keys as well.

"Now that it has been discovered, anti-virus vendors have added detection to their products so it is no longer a real risk," O’Reilly said.

"The historical attack vector was targeted phishing emails or spear phishing with infected attachments, but it is unlikely that this is still happening using this specific toolset.

"What is unclear is whether this is a one off or a trend to watch out for."